<font color="brick"><b> Without Auth </b></font>

In [5]:
# api_client/client.py
import requests

response = requests.get("http://127.0.0.1:8000/data")

if response.status_code == 200:
    data = response.json()
    print("Successful API call :")
    print(data)
else:
    print("Failed API call :", response.status_code)


Successful API call :
{'id': 20, 'value': 14.64, 'description': 'Randomly generated datapoint'}


<font color="brick"><b> With Static API Key </b></font>

In [7]:
# api_client/client.py
import requests

API_KEY = "mysecretkey123"  # This is static key
headers = {
    "X-API-Key": API_KEY
}

response = requests.get("http://127.0.0.1:8000/data", headers=headers)

if response.status_code == 200:
    data = response.json()
    print("Successful API call :")
    print(data)
else:
    print("Failed API call :", response.status_code)


Successful API call :
{'id': 66, 'value': 72.07, 'description': 'Randomly generated datapoint'}


In [9]:
# api_client/client.py
import requests

API_KEY = "mysecretkey1234"  # Wrong Key
headers = {
    "X-API-Key": API_KEY
}

response = requests.get("http://127.0.0.1:8000/data", headers=headers)

if response.status_code == 200:
    data = response.json()
    print("Successful API call :")
    print(data)
else:
    print("Failed - Status Code :", response.status_code)


Failed - Status Code : 401


<font color="brick"><b> With Token[OAuth2-JWT] based API Key </b></font> 

In [27]:
# api_client/client.py
import requests

USERNAME = "demo_user"
PASSWORD = "demopass"

# 1. Get token
token_response = requests.post(
    "http://127.0.0.1:8000/token",
    data={"username": USERNAME, "password": PASSWORD}
)

if token_response.status_code == 200:
    token = token_response.json()["access_token"]
    headers = {"Authorization": f"Bearer {token}"}
    print("Token received: ", token)

    # 2. Call /data
    data_response = requests.get("http://127.0.0.1:8000/data", headers=headers)
    if data_response.status_code == 200:
        print("Got protected data:")
        print(data_response.json())
    else:
        print("Failed to fetch data:", data_response.status_code, data_response.text)
else:
    print("Failed to authenticate:", token_response.status_code, token_response.text)


Token received:  eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJkZW1vX3VzZXIiLCJleHAiOjE3NDUxNjg2NTB9.gu8RUoIVKL2BZNpxP5z2-KhVt1iwBY-2yTobwtQaadY
Got protected data:
{'id': 104, 'value': 95.6, 'description': 'Randomly generated datapoint'}


In [28]:
headers

{'Authorization': 'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJkZW1vX3VzZXIiLCJleHAiOjE3NDUxNjg2NTB9.gu8RUoIVKL2BZNpxP5z2-KhVt1iwBY-2yTobwtQaadY'}

In [29]:
## REGENERATE YOUR PASS : As password is hashed pass in DB for match
from passlib.context import CryptContext

pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
hashed = pwd_context.hash("demopass")
print(hashed)

$2b$12$s6Pn71eMrd2bVEzZUcobY.exMTD2TENt2yuP.rJyy6Ceaq7NdQZ2q


Using Wrong Key

In [30]:
# api_client/client.py
import requests

USERNAME = "demo_user"
PASSWORD = "demopasss" # Wrong Password

# 1. Get token
token_response = requests.post(
    "http://127.0.0.1:8000/token",
    data={"username": USERNAME, "password": PASSWORD}
)

if token_response.status_code == 200:
    token = token_response.json()["access_token"]
    headers = {"Authorization": f"Bearer {token}"}
    print("Token received: ", token)

    # 2. Call /data
    data_response = requests.get("http://127.0.0.1:8000/data", headers=headers)
    if data_response.status_code == 200:
        print("Got protected data:")
        print(data_response.json())
    else:
        print("Failed to fetch data:", data_response.status_code, data_response.text)
else:
    print("Failed to authenticate:", token_response.status_code, token_response.text)


Failed to authenticate: 401 {"detail":"Invalid username or password"}


In [37]:
# api_client/client.py
import requests

USERNAME = "user_2"
PASSWORD = "iamuser2pass" # Wrong Password

# 1. Get token
token_response = requests.post(
    "http://127.0.0.1:8000/token",
    data={"username": USERNAME, "password": PASSWORD}
)

if token_response.status_code == 200:
    token = token_response.json()["access_token"]
    headers = {"Authorization": f"Bearer {token}"}
    print("Token received: ", token)

    # 2. Call /data
    data_response = requests.get("http://127.0.0.1:8000/data", headers=headers)
    if data_response.status_code == 200:
        print("Got protected data:")
        print(data_response.json())
    else:
        print("Failed to fetch data:", data_response.status_code, data_response.text)
else:
    print("Failed to authenticate:", token_response.status_code, token_response.text)


Token received:  eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VyXzIiLCJleHAiOjE3NDUxNjg5MzN9.tW9IvawcOU8oYiR-H5xFapRTup3sR7iVlIJgfEAL0UU
Got protected data:
{'id': 174, 'value': 25.49, 'description': 'Randomly generated datapoint'}


In [36]:
## REGENERATE YOUR PASS : As password is hashed pass in DB for match
from passlib.context import CryptContext

pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
hashed = pwd_context.hash("iamuser2pass")
print(hashed)

$2b$12$4fxon8c3dC5.OVRw8eOMmu1cwJRYw33Ki5TUan3hd6qJd5H2wL17q


<font color="brick"><b> With OAuth2 based API Key (Auto Refresh) </b></font> 

TEST

In [None]:
# jupyter nbconvert --to html "client_script.ipynb"